ShareFile single sign-on configuration guide for ADFS 3
Prerequisites to installation
To set up ShareFile to authenticate with Active Directory Federated Services, you need the following:
- Windows Server 2012 R2
- A publicly signed SSL Certificate from a CA. Self-signed and unsigned certificates are not accepted.
- An FQDN for your ADFS server
- Access to an administrator account within ShareFile with the ability to configure single sign-on.
Note:
To provision users from your Active Directory to ShareFile, reference the User Management Tool installation guide.
ADFS 3.0 (Role-based install)
- You cannot download Microsoft Active Directory Federated Services 3.0 separately. You must use a Windows 2012 R2 server for this version.
- Choose the Role-based or feature-based installation type. Click Next.
- Select the server for the install and click Next. Then select Active Directory Federation Services. Click Next.
- Click Next through the Server Roles, AD FS and then to the Confirmation screen. Check the box for Restart, say Yes to the next screen, and click Install.
- Once ADFS is installed, you must complete a post-deployment activity if this is the first AD FS server in Active Directory. Use your own configuration information for this step.
Setting up ADFS 3.0
- In the ADFS 3.0 management console, start the Configuration Wizard.
- When the wizard starts, select Create a new Federation Service and click Next.
- Since we use a Wildcard Certificate, we must determine a Federation Service Name. If you are not using a wildcard SSL cert, you might not have to do this step. Then click Next to continue.
- Click Next to configure.
- Confirm that all the configurations were finished without error and click Close and exit the wizard.
- Expand the Service node in the Management Console. Select the Token Signing certificate and click View Certificate in the right-hand column.
- In the Certificate window, select the Details tab and then click Copy to File.
- Click Next to continue.
- Select Base-64 encoded X.509 (.CER) as the export format for the certificate, then click Next.
- Save the certificate file and click Next.
- Click Finish to save the file.
- Browse to the folder where you exported the certificate and open it with Notepad.
- Select all the text inside the Notepad and copy.
- Open Internet Explorer and go to your ShareFile account (https://<yoursubdomain>.sharefile.com). Sign in with your administrator account. Navigate to Admin Settings > Security > Login & Security Policy. Find Single sign-on / SAML 2.0 Configuration.
  - Switch Enable SAML setting to Yes.
  - ShareFile Issuer / Entity ID: https://<subdomain>.sharefile.com/saml/info
  - Your IDP Issuer / Entity ID: https://<adfs>.yourdomain.com
  - X.509 Certificate: Paste the contents of the exported certificate from the previous section.
  - Login URL: https://<adfs>.yourdomain.com/adfs/ls
- In Optional Settings, change the following values.
  - Enable Web Authentication: Yes (Check marked)
  - SP-Initiated Auth Context: User Name and Password – Minimum
- Minimize Internet Explorer and return to the ADFS Management Console. Expand the Trust Relationships node and select Relying Party Trusts. Then click Add Relying Party Trust… from the right-hand side of the console. This launches the Add Relying Trust Wizard.
- Click Start to begin specifying a Relying Party Trust.
- Retrieving the metadata from the SAML site can configure the trust automatically for you. Use https://<yoursubdomain>.sharefile.com/saml/metadata as the federation metadata address (host name or URL). Click Next.
- Specify a Display Name. Typically you keep this as <yoursubdomain>.sharefile.com, so you can tell the different trusts apart.
- Permit all users to access this relying party. Click Next.
- Verify that the information is correct and click Next.
- Verify that the check box for Open the Edit Claim Rules dialog for this relying party trust when the wizard closes is checked. Then click Close.
- On the Issuance Transform Rules tab, click Add Rule.
- The first rule is to Send LDAP Attributes as Claims.
- Users in ShareFile are identified by their email address. We send the claim as a UPN. Give a descriptive Claim rule name, such as E-mail Address to E-mail Address. Select Active Directory as the attribute store. Finally, select E-Mail Address as the LDAP attribute and E-mail Address as the Outgoing Claim Type. Click Finish.
- Create a second rule. This rule is used to Transform an Incoming Claim. Click Next.
- The incoming claim type transforms the incoming email address to an outgoing Name ID claim type in the email format. Give a descriptive name, such as Named ID to E-Mail Address. The Incoming claim type is Email Address, the Outgoing claim type is Name ID. The Outgoing name format is Email. Click Finish.
- Verify that the claims are correct, then click OK.
- Switch to any web browser and navigate to https://<yoursubdomain>.sharefile.com/saml/login. You are redirected to your ADFS services. If your sign-in email is linked to a user on AD, then you are able to authenticate with your AD credentials.